The Veterans Affairs Department is bringing in a veteran of the federal IT community to be its new chief information security officer.
LaVerne Council, VA’s assistant secretary for Information and Technology and chief information officer, announced July 19 that Roopangi Kadakia would take over as CISO as of July 24.
“Ms. Kadakia comes to us with a broad background spanning information management, governance and security operations — both in the federal government as well as private industry,” Council wrote in an email to staff, which Federal News Radio obtained. “She joins us from the [National Aeronautics and Space Administration], where she serves as the program executive for security operations, Web services and information management, and where she orchestrated the transfer of more than 160 systems into the cloud, one of the federal government’s largest cloud deployments to-date. Prior to NASA, she held multiple roles as CISO for both International Finance Corporation (IFC) and the Department of Homeland Security’s Science and Technology organization.”
Kadakia has worked at NASA for the past five years, and she also has worked for the Peace Corps and the General Services Administration.
“As we prepare for our next sprint toward our transformation goals, Ms. Kadakia’s unique experience will help us eliminate IT as a material weakness for VA, safeguard our employees’ and Veterans’ data, move some of our own systems to the cloud, and strengthen security and oversight of our IT assets, systems, and applications, all while ensuring all employees have the privileges and resources they need to perform their jobs,” Council wrote.
Ron Thompson, the principal deputy assistant secretary and deputy CIO, had been the acting CISO since April.
Kadakia will be VA’s fifth permanent or acting CISO in less than a year. Prior to Burns, Stan Lowe served as CISO and retired in August. Additionally, VA brought in Dan Galick to serve in an executive cyber role. He also was acting CISO for four months in late 2015.
She will pick up on the efforts started by Council in October when she created a new cyber strategy to begin addressing these problems. In February, Council said she plans to eliminate all cyber material weaknesses by 2017.
A recent mid-year report from VA’s OI&T said the agency is making progress. Council said VA has mitigated 21 million critical and high-security vulnerabilities, reduced the use of prohibited software on VA’s network by 90 percent and reduced the number of employees with privileged network access by 95 percent.